Описание
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
Ссылки
- Broken Link
- Broken Link
- Broken Link
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Broken Link
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Одновременно
Одно из
Одновременно
Одно из
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
EPSS
7.5 High
CVSS2